Assurance, Security and Privacy - Important Notes
In a __, each information asset is assigned a score for each of a set of assigned critical factors.
OPSEC
COMSEC
Weighted factor analysis
Data classification scheme
__ is simply how often you expect a specific type of attack to occur.
ARO
CBA
ALE
SLE
The __ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.
ISO
CIO
CISO
CTO
__ policies address the particular use of certain systems.
Systems-specific
General
Network-specific
Platform-specific
The __ strategy attempts to prevent the exploitation of the vulnerability.
Suspend control
Defend control
Transfer control
Defined control
The __ is a methodology for the design and implementation of an information system in an organization.
DSLC
SDLC
LCSD
CLSD
The actions an organization can and perhaps should take while an incident is in progress should be specified in a document called the __ plan.
BC
DR
IR
BR
There are individuals who search trash and recycling — a practice known as __ — to retrieve information that could embarrass a company or compromise information security.
Side view
Dumpster diving
Recycle diving
Garbage collection
In the U.S. Military classification scheme, __ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.
Confidential
Secret
Top secret
Sensitive
Many corporations use a __ to help secure the confidentiality and integrity of information.
System classification scheme
Data restoration scheme
Data hierarchy
Data classification scheme
Risk __ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.
Benefit
Appetite
Acceptance
Avoidance
A mail server has a vulnerability involving hardware failure with a likelihood of 0.4. The mail server has an impact value of 80. One control has been implemented that reduces the impact of the vulnerability by 50%. The assumptions made about this asset are 70% certain. Calculate the risk.
25.6
24.6
23.6
26.6
______ is the percentage of an asset's value lost due to an incident.
Exposure factor
Single loss expectancy
Annualized rate of occurrence
Annualized loss expectancy
______ policies are more specific to the operation of a system than ACLs, and they may or may not deal with users directly.
Rule
ACL
Temp
Session
Risk ______ is the application of controls to reduce the risks to an organization's data and information systems.
Management
Control
Identification
Security
______ equals likelihood of vulnerability occurrence times value (or impact), minus percentage of risk already controlled, plus an element of uncertainty.
Probability
Risk
Possibility
Chance
A person or element that has the power to carry out a threat.
Threat agent
Threat
Risk
Vulnerability
The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a ______.
ARO
CBA
ALE
SLE
The ______ strategy attempts to shift risk to other assets, other processes, or other organizations.
Transfer control
Defend control
Accept control
Mitigate control
______ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede.
IR
DR
BC
BR
The __ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
Avoidance of risk
Transference
Mitigation
Accept control
__ is any technology that aids in gathering information about a person or organization without their knowledge.
A bot
Spyware
Trojan
Worm
Acts of __ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.
Bypass
Nature
Trespass
Security
A __ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
Denial-of-service
Distributed denial-of-service
Virus
Spam
One form of online vandalism is __ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
Hacktivist
Phvist
Hackcyber
Cyberhack
In the well-known __ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.
Zombie-in-the-middle
Sniff-in-the-middle
Server-in-the-middle
Man-in-the-middle
__ are machines that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack.
Drones
Helpers
Zombies
Servants
In a __ attack, the attacker sends a large number of connection or information requests to a target.
Denial-of-service
Distributed denial-of-service
Virus
Spam
__ are software programs that hide their true nature, and reveal their designed behavior only when activated.
Viruses
Worms
Spam
Trojan horses
A computer is the __ of an attack when it is used to conduct the attack.
Subject
Object
Target
Facilitator
The first phase in the development of the contingency planning process is the __.
BIA
BRP
DP9
IRP
__-based IDPSs look at patterns of network traffic and attempt to detect unusual activity based on previous baselines.
Firewall
Host
Network
Domain
A buffer against outside attacks is frequently referred to as a __.
Proxy server
No-man's land
DMZ
Firewall
The __ is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts.
ISP
EISP
GSP
ISSP
A __ site provides only rudimentary services and facilities.
Cool
Warm
Hot
Cold
A(n) __ plan deals with the identification, classification, response, and recovery from an incident.
CM
BC
DR
IR
__ often function as standards or procedures to be used when configuring or maintaining systems.
ESSPs
EISPs
ISSPs
SysSPs
The website asset has an impact value score of 90 and one vulnerability. The vulnerability has a likelihood of 0.7, with no controls in place. The assumptions and data are 60% certain. Find the risk of the website asset.
83.3
84.3
85.3
88.2